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Claims 

What is claimed is: 

1 . A system to facilitate substantially secure communication of data from a user- 
level process^ comprising: 

at least a first queue associated with the process, such that the process is 
operative to directly communicate a message relative to the first queue; and 

a first communication context operative to communicate the message between 
the first queue and a second communication context; 

wherein communication between the first queue and the first communications 
context is controlled based on whether an appropriate association exists between the first 
queue and the first communications context, the association between the first queue and the 
first communications context being provided through a privileged operation not adjustable by 
the first process. 

2. The system of claim 1 , wherein the first queue and the first communication 
context reside at a first node that is different from that of the second communication context, 

3 . The system of claim 2, fiirther comprising an interface at the first node 
operative to validate messages communicated from the first queue to the first communication 
context. 

4. The system of claim 3, wherein the interface is operative to prevent messages 
from being communicated from the first queue to the first communication context if an 
association mismatch exists between the first queue and the first communication context. 

5. The system of claim 2, wherein the appropriate association between the first 
queue and the first communication context requires membership to a common domain. 
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6. The system of claim 5, further comprising a second queue associated with a 
second process at the first node, such that the second process is operative to directly 
communicate a message to the second queue. 

7. The system of claim 6, wherein the second queue is associated with the 
common domain through a privileged operation, such that the first and second queues can 
share the first communication context to communicate messages through a channel defined 
by the first communication context and the second communication context, each of the first 
and second queues being operative to communicate messages with at least one process at a 
node where the second communication context resides. 

8. The system of claim 7, wherein the first process further comprises a process 
operating in a user mode and the second process comprises a process operating in a user 
mode. 

9. The system of claim 6, further including a third conmiunication context 
associated with the second queue through a privileged operation at the first node, the third 
communication context enabling communication between the third conmiunication context 
and a fourth communication context that resides a node different from the first node. 

10. The system of claim 9, wherein the common domain is a first domain, the 
association between the second queue and the third communication context corresponding to 
a second domain that is different firom the first domain, wherein each communication channel 
estabhshed in the second domain is isolated from each channel established in the first 
domain. 

11. The system of claim 1 , wherein the first queue and the first communication 
context reside at a first node that is different fi-om a second node at which the second 
communication context resides, the system further comprising a third communication context 
at the first node to enable communication of messages between the third communication 
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context and a fourth communication context that resides at a third node that is different from 
the first node. 

12. The system of claim 1 1, wherein the first queue is associated with the third 
communication context through a privileged operation, such that the first process is operative 
to communicate the message over a communication channel established between the third 
communication context and a fourth communication context that resides at the third node, 
which is different from the second node. 

13. The system of claim 11, wherein the first queue and the first communication 
context are associated so as to be part of a first domain, the system finther comprising a 
second queue is associated with a second process, the second queue being associated with a 
third communication context so as to be part of second domain that is isolated relative to the 
first domain. 

14. A system to facilitate communication of data, comprising: 

a virtual hardware component at a first node operable to communicate a 
message received directly from an associated process; and 

a first channel endpoint established at the first node, the first channel endpoint 
being operative to communicate messages to a second channel endpoint residing at a second 
node; 

wherein each of the virtual component and the first channel endpoint is 
associated with a respective domain through a privileged operation at the first node, 
communication of messages between the virtual component and the first channel endpoint 
being controlled based on vahdation of the respective domains for the virtual component and 
the first channel endpoint. 

15. The system of claim 14, wherein hardware at the first node is operative to 
prevent messages from being sent between the virtual component and the first chaimel 
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endpoint in response to detecting an invalid association between the virtual component and 
the first channel endpoint. 

16. The system of claim 14, wherein the virtual component is a first virtual 
component, the system further comprising a second virtual hardware component operative to 
communicate a message directly with an associated process at the first node. 

17. The system of claim 16, wherein the second virtual hardware component and 
the first virtual hardware component are members of a conmion domain, domain membership 
being assigned through a privileged operation not adjustable by the first or second process, 
wherein the first and second virtual components are operative to share the first channel 
endpoint of the first node, such that each of the first and second processes can communicate 
messages with at least one process at the second node. 

18. The system of claim 14, fiirther including a third channel endpoint at the first 
node, the third channel endpoint being operative to communicate messages with a fourth 
chaimel endpoint that resides at a node different fi*om the first node. 

19. The system of claim 18, wherein the virtual component is a first virtual 
hardware component, the system fiirther comprising a second virtual hardware component at 
the first node that is associated with the third channel endpoint through a privileged operation 
at the first node. 

20. The system of claim 19, wherein each of the first and third channel endpoints 
belongs to different domains, such that each communication channel established between 
associated channel endpoints in one of the domains is isolated firom each communication 
channel estabhshed between associated channel endpoints in each other of the domains. 

21. The system of claim 19, wherein each of the first and third channel endpoints 
belongs to a common domain, such that each of the first and second processes at the first 
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node is operative to share first and third channel endpoints to respectively communicate a 
message with at least one process at the second and third nodes based on data in the 
respective message. 

22. A system to facilitate communication of data, comprising: 

storage means for receiving a message provided directly from a user-level 

process; 

communication means associated with the storage means for, upon validation 
of a domain association between the storage means and the conamunication means, sending 
the stored request to a corresponding communication means at another node in the system; 
and 

vahdation means for vahdating the association between the between the 
storage means and the communication means, the storage means and the communication 
means being associated in a privileged operation not adjustable by user-level processes. 

23. A system to facilitate communication of data, comprising: 
virtual storage means at a first node for storing a message for direct 

communication relative to a user-level process; 

endpoint communication means at the first node for means for, upon 
determining a common domain membership for the storage means and the endpoint 
communication means, enabling communication between the virtual storage means and the 
endpoint communication means; and 

control means for independently controlling domain membership for each of 
the virtual storage means and the endpoint communication means. 

24. The system of claim 23, wherein the endpoint communication means further 
includes means for preventing communication of messages between the virtual storage 
means and the endpoint communication means in the absence of a common domain 
membership among virtual storage means and the endpoint communication means. 
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25. The system of claim 23, wherein the endpoint communication means further 
includes means for permitting communication of messages between the viitual storage means 
and the endpoint communication means when common domain membership exists among 
virtual storage means and the endpoint communication means. 

26. A computer-readable medium having computer-executable instructions for: 
in a privileged mode, setting domain membership for a queue of a first node 

and setting domain membership for a communication component of the first node, the 
communication component of the first node being operable to communicate messages with a 
corresponding communication component at a second node, the domain membership being 
inaccessible by user-level processes, the queue being mapped into memory of an associated 
user-level process at the first node, such that the user-level process can commimicate directly 
with the queue; and 

controlling communication of message between the queue and the 
communication component based on the domain membership set for each of the queue and 
the conmiunication component. 

27. The computer-readable medium of claim 26 having further computer- 
executable instructions for providing an error message to the associated user-level process if 
the domain membership between the queue and the communication component is invaUd. 

28. The computer-readable medium of claim 26 having further computer- 
executable instructions for analyzing the message to identify which of a plurality of 
communication contexts is designated and validating domain membership between the queue 
and the designated communication context to control conmiunication of the message between 
the queue and the designated communication context. 

29. A method to facilitate communication in a system architecture in which a 
process is operative to commimicate a message directly with a storage component coupled to 
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at least one local communications component in a node for communicating the message for 
receipt by a second communications component, the method comprising: 

associating the storage component with a domain for temporarily storing the 

message; 

associating the local communications component with a domain; and 
controlUng communication of a message between the storage component and 

the local communications component based on the domain of the storage component and the 

domain of the local communications component. 

30. The method of claim 29, wherein the domain for the storage component and 
the domain for the association of the local communications component are implemented 
independently in privileged operation not adjustable by the user-level process. 

31. The method of claim 30, wherein the controlling further comprises vahdating 
the domain of the storage component relative the domain of the local communication 
component. 

32. The method of claim 3 1 , further comprising preventing communication of the 
message from the storage component to the communication component in the absence of a 
match between the domain of the storage component and the domain of the communication 
component. 

33. The method of claim 32, further comprising generating an error message in 
the absence of a match between the domain of the at least part of the storage component and 
the domain of the communication component. 

34. The method of claun 32, further comprising sending the message from the 
storage component to the communication component in response to a valid association 
existing between the domain of the storage component and the domain of the communication 
component. 
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35. The method of claim 30, further comprising discerning from the message 
which of at least one of a plurality of communication components is designated and 
validating association between the storage component and each designated communication 
component to control communication of the message between the storage component and 
each designated communication component. 
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